This training will familiarize system administrators and security professionals of any level with modern Windows attacks and best security practices, covering Windows security components and protocols, network scanning, Metasploit, lateral movement, credential theft and vulnerability exploitation. After this broad attack overview, the course introduces the latest Microsoft security features, such as Windows monitoring and log analysis, credential protection, advanced authentication, privileged access management, and much more. After the course, participants will understand how to protect their infrastructure against modern attacks. Get your hands dirty: this class is practice-oriented; lectures present real-world attacks and defense methods that participants then put into practice.

ABOUT THE TRAINERS

The course gives an idea of how pentesters and hackers think, and the best way to defend against them. To do so, this training is given by a duo of Red Team / Blue Team engineers. Both trainers have in combination more than 15 years of experience in offensive and defensive security.

Participants should have some familiarity with Windows domains. A notebook capable of running an SSH/RDP client is required in order to connect to the infrastructure hosting the exercises. The training will be given in French.

Mastering Burp Suite Pro, 100% hands-on (EN)

3-day training, by Nicolas Grégoire

This training will be given in ENGLISH

Price: CHF 2250.-

DESCRIPTION

As nicely said in PoC||GTFO Volume II, « This is not a book about astronomy; rather, this is a book about telescopes ». In the same spirit, this training isn’t about Web hacking. Instead, this training is for Web hackers who want to master their toolbox. Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding.

ABOUT THE TRAINERS

Nicolas Grégoire (aka @Agarri_FR) has nearly 20 years of experience in penetration testing and auditing of networks and (mostly Web) applications. He has been an official Burp Suite Pro trainer since 2015, and has trained hundreds of people since then, either privately or during infosec events. Outside of that, he runs Agarri, a one-man company where he finds security bugs for customers and for fun. His public security research (mostly dealing with XML, XSLT and SSRF) has been presented at numerous conferences around the world (HackInTheBox, ZeroNights, HackInParis, Nullcon, ...). He has also been thanked by numerous vendors for responsibly disclosing vulnerabilities in their products and services, directly or through bug bounty programs.

Day 1: After an introduction to the training platform and its challenges, this day is spent on well-defined tasks where the goal is to find flags, like in CTF contests. We practice basic automation using tools like Proxy, Repeater and Intruder. The goal is to improve the speed of our interactions with the tool, while monitoring and self-assessing our attacks.

Introduction: rules and advice, connecting to the network, description of the training platform and its challenges

Day 2: On the second day, challenges get more realistic: solving them requires a good understanding of the underlying application and the usage of multiple Burp Suite tools, possibly including extensions. Additionally, we keep working on the efficiency of the testing workflow (using shortcuts or extensions) and on self-monitoring (now with Logger++). The latter skill will prove invaluable when working on session handling rules.

Traffic interception: HTTP exchanges and WebSocket messages are intercepted and modified on the fly, in order to bypass client-side protections or to subvert the logic of (emulated) mobile apps. That’s the only section where “Intercept is On” isn’t a problem.

Macros and session handling rules for Web applications: terminology, basic setups, common use-cases (like managing CSRF tokens or logging in automatically), applying session handling rules to third-party tools like sqlmap. Note that dealing with Web services (either SOAP or REST) is quite different and is covered in a separate section, on the third day.

Day 3: The third day is used to dig deeper into advanced subjects. That covers authorization testing, custom active scanning, Web services and much more! Built-in features are pushed to their limits, and extra ones provided by extensions are commonly used.

Two-way communication with the target: deploying and using a private Collaborator instance, patching the target byte-code with Infiltrator in order to receive additional details (filename, line number, ...), running an Infiltrator-only active scan.

Scans and live tasks: differences between v1 and v2 (terminology, GUI, usage), using the scanner like in v1, description and testing of the much-improved crawler, configuring and running specialized scans, observing the oriented graphs generated during crawling, using these graphs with “Crawl and Audit” (in order to audit CSRF-protected forms without macros).

During this training students will learn how to exploit vulnerabilities and bypass current security mitigations on Linux systems, against both local and remote targets. The training will start with a refresher on modern stack buffer overflows and then present other vulnerability classes, with an emphasis on heap exploitation, and is packed with many practice labs.

This training is for security professionals and/or CTF enthusiasts who want to improve their pwning skills.

ABOUT THE TRAINER

Adrien Stoffel (@__awe) is a full stack pwner at Bugscale SA, where he focuses on security research. He's been involved in the CTF community for more than 6 years and he currently leads the 0daysober team. While he focuses on Linux exploits he also loves to tackle some Windows challenges. He has also created the W3Challs hacking platform, hosting challenges in categories including web, crypto, and userland/kernel pwnables.

COURSE OUTLINE

Topics for the first part of the course include:

Review of the current state of Linux userland security

ROP and JOP techniques on Intel x86 and x86_64 architectures

SSP bypasses

Other vulnerability classes

Miscellaneous tips and tricks relevant to both real life exploits and CTFs

Improving exploit reliability

C++ exploitation (vftables, corruption of std objects...)

Then we will dive into heap-based exploitation and detail the inner workings of the glibc heap allocator so that you can finally understand the magic behind ptmalloc and how it can be abused to achieve remote code execution. Once you have made sense out of the allocator, we'll move onto exploitation, with step-by-step practice labs:

This training familiarizes developers and security professionals of any level with modern cryptography concepts and best practices. It covers basic notions, including randomness generation, authenticated encryption, and elliptic curves, as well as applications like TLS 1.3, password security protocols, libraries and APIs, and software side-channel attacks. Finally, our training offers an overview of advanced topics including post-quantum cryptography.

We have given cryptography trainings since 2013, and over the years have kept improving our content and format for an optimal learning experience. We strive to make cryptography more approachable and less abstract than in typical teaching material.

The class is

Practice-oriented: Lectures present real-world failures and analyze how they could have been avoided, and exercise sessions consist of a mix of made-up problems and examples of real vulnerabilities found in widely deployed systems.

New and unique: We are closely involved in the latest developments in cryptography, and regularly integrate new content into our trainings to follow the latest innovations and applications. Each training session therefore includes fresh and updated content.

Interactive: We encourage participants to ask questions about the topics presented or even other topics, which usually leads to interesting discussions.

Previous versions of this training were given at events including Black Hat Europe, Troopers, and in private sessions for organizations including Google and Facebook.

ABOUT THE TRAINERS

Both trainers hold PhDs in cryptography and have in combination more than 20 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications. The trainers are also experienced speakers, regularly presenting at leading industry and research conferences all around the world.

JP Aumasson

Jean-Philippe (JP) Aumasson is the founder and managing director of Teserakt, a Swiss-based company specialised in IoT security and offering an end-to-end encryption solution. He is an expert in cryptography and the author of the reference book Serious Cryptography (No Starch Press, 2017). He designed the widely used cryptographic algorithms BLAKE2 and SipHash, which he developed after a PhD from EPFL (Switzerland, 2009). He regularly speaks at leading security conferences about topics such as applied cryptography, quantum computing, and blockchain security. JP also holds advisory roles at Kudelski Security and Taurus Group.

Philipp Jovanovic

Philipp Jovanovic is a post-doctoral researcher at EPFL’s Decentralized and Distributed Systems (DEDIS) Lab, Switzerland. In 2015, he obtained his PhD in cryptography from the University of Passau, Germany, and in 2020 he will join the Information Security Research Group (ISRG) at University College London (UCL) as an Associate Professor. Philipp has worked on a broad set of topics in cryptography, security, privacy, and systems design, including encryption algorithms like NORX and OPP/MRO, and distributed security protocols like ByzCoin, RandHound, OmniLedger and drand. Philipp's research is regularly published at top-tier academic crypto/security venues and you can find him frequently speaking at conferences around the globe.

CLASS REQUIREMENTS

This training is suitable for any security professional or security-minded developer who has at least a basic understanding of cryptography. You should know the difference between public-key cryptography and secret-key cryptography, but you don't need to know the maths behind them. We expect participants to be familiar with basic programming concepts, and it's recommended to be familiar with C and Python syntax, since many exercises are in one of these languages.

Approaching IoT devices from a security assessment standpoint can be intimidating, especially when you need to work hands-on with hardware, but fear not! This is the training for you if you want to take your first steps into discovering vulnerabilities in smart devices: homes, cars, routers, PLCs, medical equipment and other IoT devices.

We will guide you through systematic analysis of IoT devices to identify vulnerabilities. You will interact directly with hardware interfaces, and become comfortable with using the hardware and software tools of the trade to evaluate IoT devices and their firmware. After having played with different devices, you will have a chance to apply your newly learned skills conducting a penetration test against a smart home.

After the training, you will be able to understand the hardware and software attack surface of IoT devices in order to help make them more secure. Going forward you will tackle the most common situations confidently, including when the firmware is not publicly available. This training is for security professionals and/or CTF enthusiasts who want to improve their pwning skills.

ABOUT THE TRAINER

Roland Sako is a security researcher based in Geneva, Switzerland, working as part of the Kaspersky ICS CERT team. He is particularly interested in embedded device security and gamification of security-related subjects. He previously worked as a security consultant as well as part of the education team of Kaspersky Lab. Roland graduated from the University of Lausanne in Legal Issues, Crimes and IT Security.

COURSE OUTLINE

Topics covered in the class include:

IoT vulnerability research

Methodology

A few cases

Overview of our final target (smart home)

Information gathering – Lab:

Hardware reconnaissance

Firmware analysis

Intro to different types of firmware

Obtaining the firmware

Basic firmware analysis – Labs:

Firmware static analysis

Firmware emulation

Hardware Interfaces and protocols

Reading datasheets

Getting familiar with the hardware tools

Passive and active interaction with interfaces – Labs:

Identifying pins manually

Reading from and writing to an EEPROM with SPI

Sniffing I2C buses

Gaining root shell, debugging and dumping memory through UART

Debugging the target and dumping memory over JTAG

Enumerating and interacting with BLE devices

Analyzing resources

Hunting for interesting resources – Labs:

Finding backdoors and hardcoded secrets

Binary analysis

Intro to reversing ARM binaries using r2 – Labs:

Automating the process

Responsible disclosure

Conclusion

Final Lab

Attacking a smart home

CLASS REQUIREMENTS

A laptop with at least 20 GB of free space, 4 GB of RAM and two USB Type-A ports available

VirtualBox and admin access to install additional software

Experience with any programming language

Familiarity with basic Linux commands

Basic knowledge of C and/or C++

Basic reverse engineering skills

Knowledge of the most common network protocols

Experience using a disassembly tool would be helpful, but not necessary

This training focuses on elevating your malware analysis, forensic investigation, and incident response knowledge into the cloud. The hands-on training focuses on building a fully automated malware analysis, threat intelligence, and forensic investigation pipeline using AWS-based cloud infrastructure. We will cover scenarios, exercises and demos about building fully automated and scalable services that perform both static and dynamic malware analysis, forensic artifact collection at scale, automated investigation of IAM attacks, threat intelligence gathering, and the creation of alerts and reports.

By the end of this training, we will be able to use cloud technologies like CloudTrail and CloudWatch to detect IAM attacks, serverless functions to perform on-demand scans, Docker containers to deploy our threat scanning services at scale, notification services to create detection alerts, malware-infected virtual machines to perform automated forensic investigations and artifact collection, and DynamoDB and AWS Athena to build real-time threat intelligence and monitoring dashboards.

We will learn to use in-built AWS services along with open source and custom-built tools to connect our file scanning services. In all, we will be building a fully automated incident response as well as threat intelligence pipeline that can be used by large scale security teams and researchers.

The workshop will begin by covering details about public cloud infrastructure like AWS, Azure, and GCP. We will build a technical and architectural understanding of the cloud and its services in the introductory phase. We will then dive into the Identity and access management based attack and defense scenarios along with running security assessments and automated tests against the entire infrastructure.

The second phase of the workshop will cover hands-on tool building for static file scanning of AWS object stores using the ClamAV and YARA engines. We will cover exercises on building and integrating serverless functions to provide services like hash lookup, file-type determination and automated signature updates through S3 buckets.

The third phase of the workshop will deal with deploying AWS container services to run malware feature extraction and heuristic detection services at scale. Using real-life scenarios, we will build an alerting and notification service using SNS and Slack. This service will integrate with Lambda functions and WebSockets to notify users when an infection is found. The next exercise of this phase will focus on building automated response and investigation using tags and CloudWatch Events.

In the fourth phase of the workshop, we will learn to build real-time threat intelligence dashboards using Amazon Athena and the ELK stack. We will learn to write queries that derive rich intelligence from the collected data.

The final phase of the workshop will focus on forensic investigations in AWS. It begins with automated forensic artifact collection, then integrates it with automated analysis such as building a timeline and dumping process memory. We will run through hands-on exercises on building investigation playbooks using Step Functions to automate most of the investigation and reporting process.

ABOUT THE TRAINER

Abhinav Singh is an information security researcher at Netskope, Inc. He is the author of Metasploit Penetration Testing Cookbook (first, second and third editions) and Instant Wireshark Starter, published by Packt. He is an active contributor to the security community in the form of paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines and digital portals. He is a frequent speaker at eminent international conferences like Black Hat, RSA and DEF CON. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.